SharpTongue: pwning your foreign policy, one interview request at a time
Contents
2023
LONDON
4 - 6 October, 2023 / London, United Kingdom
SHARPTONGUE: PWNING YOUR FOREIGN POLICY,
ONE INTERVIEW REQUEST AT A TIME
Tom Lancaster
Volexity, UK
[email protected]
www.virusbulletin.com
SHARPTONGUE: PWNING YOUR FOREIGN POLICY, ONE INTERVIEW REQUEST AT A TIME LANCASTER
ABSTRACT
This paper walks through several years of spear phishing and malware, observed first-hand [1] by Volexity, by a North
Korean [2] threat actor Volexity tracks as ‘SharpTongue’. While this threat actor is often commonly referred to as
‘Kimsuky’ [3] in other public reporting, the Kimsuky moniker has grown over the years to include activity that we and
others track as the work of distinct and separate threat actors.
We work with numerous individuals and defend the networks of several organizations that see a constant barrage of
phishing attacks from SharpTongue. In some cases, the end goal is simply credential theft, but more commonly the goal is
to install malware. From a social-engineering perspective, SharpTongue is a grandmaster, using a range of tricks to gain a
user’s …
LONDON
4 - 6 October, 2023 / London, United Kingdom
SHARPTONGUE: PWNING YOUR FOREIGN POLICY,
ONE INTERVIEW REQUEST AT A TIME
Tom Lancaster
Volexity, UK
[email protected]
www.virusbulletin.com
SHARPTONGUE: PWNING YOUR FOREIGN POLICY, ONE INTERVIEW REQUEST AT A TIME LANCASTER
ABSTRACT
This paper walks through several years of spear phishing and malware, observed first-hand [1] by Volexity, by a North
Korean [2] threat actor Volexity tracks as ‘SharpTongue’. While this threat actor is often commonly referred to as
‘Kimsuky’ [3] in other public reporting, the Kimsuky moniker has grown over the years to include activity that we and
others track as the work of distinct and separate threat actors.
We work with numerous individuals and defend the networks of several organizations that see a constant barrage of
phishing attacks from SharpTongue. In some cases, the end goal is simply credential theft, but more commonly the goal is
to install malware. From a social-engineering perspective, SharpTongue is a grandmaster, using a range of tricks to gain a
user’s …
IoC
4d63c840d5f4022666878b5d6ccd0da54d281fd4751a2c390b8795dfdfc35801